Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulnerability caused by unlimited resource allocation. An unauthenticated remote malicious user (or attacker) can issue requests against Spring Data REST endpoints or endpoints using property path parsing which can cause a denial of service (CPU and memory consumption).
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/103769 | Third Party Advisory VDB Entry |
https://pivotal.io/security/cve-2018-1274 | Vendor Advisory |
https://www.oracle.com/security-alerts/cpujul2022.html |
Configurations
History
25 Jul 2022, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2018-04-18 16:29
Updated : 2024-02-04 19:46
NVD link : CVE-2018-1274
Mitre link : CVE-2018-1274
CVE.ORG link : CVE-2018-1274
JSON object : View
Products Affected
pivotal_software
- spring_data_commons
- spring_data_rest
CWE
CWE-770
Allocation of Resources Without Limits or Throttling